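<?php
declare(strict_types=1);

/*
 * Back-office member actions on the `users` table: add / del / update / up /
 * start / stop, selected by $_GET['a'].
 *
 * All request handling runs before any HTML is emitted, so the header()
 * redirects below no longer depend on output buffering (the original printed
 * the doctype before session_start()). The HTML at the bottom only shows the
 * collected $notice as an alert. Every query uses bound parameters instead of
 * string-built SQL, and ids/state are validated as integers.
 *
 * NOTE(review): del/up/start/stop are triggered by plain GET links and carry
 * no CSRF token; adding one requires changing the pages that link here.
 */
session_start();
date_default_timezone_set("PRC");           // default time zone
require("../../public/config.php");         // defines HOST, USER, PASS, DBNAME

/**
 * Read an integer field from a request array ($_GET / $_POST).
 *
 * @return int|null null when the key is missing or not a valid integer
 */
function request_int(array $source, string $key): ?int
{
    if (!isset($source[$key])) {
        return null;
    }
    $value = filter_var($source[$key], FILTER_VALIDATE_INT);

    return $value === false ? null : $value;
}

/**
 * Read a string field from a request array; missing keys and non-string
 * values (e.g. `field[]=`) become ''. No escaping is done here because the
 * value only reaches the database through a bound parameter.
 */
function request_str(array $source, string $key): string
{
    $value = $source[$key] ?? '';

    return is_string($value) ? $value : '';
}

/**
 * Load one users row by primary key.
 *
 * @return array<string, mixed>|null null when not found or the query fails
 */
function find_user(mysqli $link, int $id): ?array
{
    $stmt = mysqli_prepare($link, "select * from users where id=?");
    if ($stmt === false) {
        return null;
    }
    mysqli_stmt_bind_param($stmt, 'i', $id);
    mysqli_stmt_execute($stmt);
    $result = mysqli_stmt_get_result($stmt);
    $row = $result === false ? null : mysqli_fetch_assoc($result);
    mysqli_stmt_close($stmt);

    return is_array($row) && $row !== [] ? $row : null;
}

/**
 * Set users.state for one id and return the number of rows actually changed
 * (0 when the row already had that state, was not found, or the query failed).
 */
function set_user_state(mysqli $link, int $id, int $state): int
{
    $stmt = mysqli_prepare($link, "update users set state=? where id=?");
    if ($stmt === false) {
        return 0;
    }
    mysqli_stmt_bind_param($stmt, 'ii', $state, $id);
    mysqli_stmt_execute($stmt);
    $changed = mysqli_stmt_affected_rows($stmt);   // -1 signals an error
    mysqli_stmt_close($stmt);

    return $changed > 0 ? (int) $changed : 0;
}

/**
 * Redirect to the page the request came from and stop the script.
 *
 * The Referer is only followed when its host matches the host this request was
 * served on; otherwise (missing, malformed or foreign Referer) the listing page
 * is used, so a forged Referer cannot turn this into an open redirect.
 */
function redirect_back(): void
{
    $target = 'index.php';
    $referer = $_SERVER['HTTP_REFERER'] ?? '';
    $refererHost = is_string($referer) && $referer !== '' ? parse_url($referer, PHP_URL_HOST) : null;
    $ownHost = explode(':', (string) ($_SERVER['HTTP_HOST'] ?? ''), 2)[0];   // drop an explicit port
    if (is_string($refererHost) && $ownHost !== '' && strcasecmp($refererHost, $ownHost) === 0) {
        $target = $referer;
    }
    header('Location: ' . $target);
    exit();
}

// Every action on this page requires a logged-in back-office account; the
// original read $_SESSION['adminuser'] without checking it exists, which let an
// unauthenticated request reach the delete/update queries.
$admin = $_SESSION['adminuser'] ?? null;
if (!is_array($admin) || !isset($admin['username'])) {
    http_response_code(403);
    exit('请先登录后台');
}
$adminName = (string) $admin['username'];
$adminId = (int) ($admin['id'] ?? 0);
$isSuperAdmin = ($adminName === 'admin2');   // hard-coded super-admin account, as in the original checks

$link = mysqli_connect(HOST, USER, PASS, DBNAME);
if (!$link) {
    die("数据库连接失败！原因：" . mysqli_connect_error());
}
mysqli_set_charset($link, "utf8");

$notice = '';                    // alert text shown in the page body, if any
$action = $_GET['a'] ?? '';

switch ($action) {
    case "add":                                          // insert a new member
        $username = request_str($_POST, 'username');
        $name     = request_str($_POST, 'name');
        $pass     = request_str($_POST, 'pass');
        $sex      = request_str($_POST, 'sex');
        $address  = request_str($_POST, 'address');
        $code     = request_str($_POST, 'code');
        $phone    = request_str($_POST, 'phone');
        $email    = request_str($_POST, 'email');
        $state    = request_int($_POST, 'state');
        $addtime  = time();

        // NOTE(review): `pass` is stored exactly as submitted, as before. Hashing
        // it (password_hash/password_verify) has to be done together with the
        // login code that reads this column, which is not in this file.
        $ok = false;
        if ($state !== null) {
            $stmt = mysqli_prepare(
                $link,
                "insert into users(username,name,pass,sex,address,code,phone,email,state,addtime)
                 values (?,?,?,?,?,?,?,?,?,?)"
            );
            if ($stmt !== false) {
                mysqli_stmt_bind_param(
                    $stmt,
                    'ssssssssii',
                    $username, $name, $pass, $sex, $address, $code, $phone, $email, $state, $addtime
                );
                $ok = mysqli_stmt_execute($stmt) && mysqli_stmt_insert_id($stmt) > 0;
                mysqli_stmt_close($stmt);
            }
        }
        if ($ok) {
            $notice = "添加成功！";
            header("refresh:0;url=index.php");
        } else {
            $notice = "添加失败！原因是：" . ($state === null ? "state 无效" : mysqli_error($link));
            header("refresh:2;url=index.php");
        }
        break;

    case "del":                                          // delete a member
        $id = request_int($_GET, 'id');
        $row = $id === null ? null : find_user($link, $id);
        // An account may not delete itself.
        if ($row !== null && (string) $row['username'] === $adminName) {
            $notice = "本账号不能删除本账号！";
            header("refresh:0;url=index.php");
            break;
        }
        if ($id !== null) {
            $stmt = mysqli_prepare($link, "delete from users where id=?");
            if ($stmt !== false) {
                mysqli_stmt_bind_param($stmt, 'i', $id);
                mysqli_stmt_execute($stmt);
                mysqli_stmt_close($stmt);
            }
        }
        redirect_back();
        break;

    case "update":                                       // edit a member
        $username = request_str($_POST, 'username');
        $name     = request_str($_POST, 'name');
        $sex      = request_str($_POST, 'sex');
        $address  = request_str($_POST, 'address');
        $code     = request_str($_POST, 'code');
        $phone    = request_str($_POST, 'phone');
        $email    = request_str($_POST, 'email');
        $state    = request_int($_POST, 'state');
        $id       = request_int($_POST, 'id');
        if ($id === null || $state === null) {
            $notice = "参数无效！";
            header("refresh:0;url=index.php");
            break;
        }
        // As in the original, only the super admin may edit members here (the
        // non-super-admin branch exited unconditionally; its `$tate==0;` was a
        // no-op typo), and the super admin may not move its own state off 0.
        if (!$isSuperAdmin) {
            $notice = "非超管没有设置管理员的权限";
            header("refresh:0;url=edit.php?id={$id}");
            break;
        }
        $target = find_user($link, $id);
        if ($target !== null && (string) $target['username'] === $adminName && $state !== 0) {
            $notice = "超管不能降低自己的权限";
            header("refresh:0;url=edit.php?id={$id}");
            break;
        }
        $affected = 0;
        $stmt = mysqli_prepare(
            $link,
            "update users set username=?,name=?,sex=?,address=?,code=?,phone=?,email=?,state=? where id=?"
        );
        if ($stmt !== false) {
            mysqli_stmt_bind_param(
                $stmt,
                'sssssssii',
                $username, $name, $sex, $address, $code, $phone, $email, $state, $id
            );
            mysqli_stmt_execute($stmt);
            $affected = mysqli_stmt_affected_rows($stmt);
            mysqli_stmt_close($stmt);
        }
        if ($affected > 0) {
            $notice = "修改成功！";
        }
        // Success or not, return to the listing (the original showed no error here).
        header("refresh:0;url=index.php");
        break;

    case "up":                                           // promote to admin (state 0)
        if (!$isSuperAdmin) {
            $notice = "本账号没有提升用户为管理员的权限";
            header("refresh:0;url=index.php");
            break;
        }
        $id = request_int($_GET, 'id');
        if ($id !== null && set_user_state($link, $id, 0) > 0) {
            redirect_back();
        }
        $notice = "已经是管理员！";
        header("refresh:0;url=index.php");
        break;

    case "start":                                        // demote to normal member (state 1)
        // NOTE(review): unlike "up", "start" and "stop" are open to every
        // logged-in account, including against the super admin's record; only
        // the super admin's own self-demotion is blocked. Confirm this policy.
        $id = request_int($_GET, 'id');
        $row = $id === null ? null : find_user($link, $id);
        if ($isSuperAdmin && $row !== null && (int) $row['id'] === $adminId) {
            $notice = "超管不能降低自己的权限！";
            header("refresh:0;url=index.php");
            break;
        }
        if ($id !== null && set_user_state($link, $id, 1) > 0) {
            redirect_back();
        }
        header("refresh:0;url=index.php");
        break;

    case "stop":                                         // disable member (state 2)
        $id = request_int($_GET, 'id');
        $row = $id === null ? null : find_user($link, $id);
        if ($isSuperAdmin && $row !== null && (int) $row['id'] === $adminId) {
            $notice = "超管不能禁用自己";
            header("refresh:0;url=index.php");
            break;
        }
        if ($id !== null && set_user_state($link, $id, 2) > 0) {
            redirect_back();
        }
        $notice = "已禁用！";
        header("refresh:0;url=index.php");
        break;

    default:
        // Unknown or missing action: render the page without doing anything,
        // matching the original switch that had no default branch.
        break;
}
mysqli_close($link);
?>
<!DOCTYPE HTML>
<html>
    <head>
        <meta charset="utf-8">
        <title>商城后台</title>
    </head>
    <body>
        <center>
            <h3>会员信息操作</h3>
<?php if ($notice !== ''): ?>
            <!-- json_encode yields a JS-safe string literal (quotes, </ and non-ASCII handled) -->
            <script>alert(<?= json_encode($notice, JSON_UNESCAPED_UNICODE | JSON_HEX_TAG | JSON_HEX_QUOT | JSON_HEX_AMP | JSON_HEX_APOS) ?>);</script>
<?php endif; ?>
        </center>
    </body>
</html>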